Adobe Systems today released an out-of-band security update that fixes a critical type confusion vulnerability in Flash Player, which if exploited could lead to arbitrary code execution in the context of the current user.
Designated CVE-2018-15981, the bug was found in versions 31.0.0.148 and earlier of Flash Player Desktop Runtime, Flash Player for Google Chrome and Flash Player for Microsoft Edge and Internet Explorer 11. The flaw is addresses in version 31.0.0.153 of the product.